From cdca15e5982c41b95abbc765cae30f06f73df52b Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 14 Jan 2024 18:10:12 +0100
Subject: [PATCH 1/6] X509_PURPOSE_ANY is ok since 1.0.1+ Let's get it enabled for any case. Suggested-by: Jakub Zelenka https://github.com/php/php-src/pull/6312#discussion_r502807207
---
 ext/openssl/openssl.stub.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php
index f87c82db8277d..b47bae1fc0cb9 100644
--- a/ext/openssl/openssl.stub.php
+++ b/ext/openssl/openssl.stub.php
@@ -44,13 +44,11 @@
 * @cvalue X509_PURPOSE_CRL_SIGN
 */
 const X509_PURPOSE_CRL_SIGN = UNKNOWN;
-#ifdef X509_PURPOSE_ANY
 /**
 * @var int
 * @cvalue X509_PURPOSE_ANY
 */
 const X509_PURPOSE_ANY = UNKNOWN;
-#endif
 /* digest algorithm constants */
From be0155dc1d17ad5bb834974b85deabf1d889631f Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 14 Jan 2024 18:11:29 +0100
Subject: [PATCH 2/6] XXX drop, generate it openssl_arginfo.h should be generated from openssl.stub.php, so drop this commit
---
 ext/openssl/openssl_arginfo.h | 2 --
 1 file changed, 2 deletions(-)
diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h
index c64cc1d1208fb..6b7c207c308ad 100644
--- a/ext/openssl/openssl_arginfo.h
+++ b/ext/openssl/openssl_arginfo.h
@@ -549,9 +549,7 @@ static void register_openssl_symbols(int module_number)
 REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_SIGN", X509_PURPOSE_SMIME_SIGN, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_ENCRYPT", X509_PURPOSE_SMIME_ENCRYPT, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_CRL_SIGN", X509_PURPOSE_CRL_SIGN, CONST_PERSISTENT);
-#if defined(X509_PURPOSE_ANY)
 REGISTER_LONG_CONSTANT("X509_PURPOSE_ANY", X509_PURPOSE_ANY, CONST_PERSISTENT);
-#endif
 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA1", OPENSSL_ALGO_SHA1, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD5", OPENSSL_ALGO_MD5, CONST_PERSISTENT);
 #if !defined(OPENSSL_NO_MD4)
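Review bot: With the `#ifdef` removed in the openssl.stub.php hunk, X509_PURPOSE_ANY is always exported, yet its docblock still carries only `@var int` and `@cvalue`, so a caller gets no hint that this purpose accepts a certificate for any use. As far as I know OpenSSL applies no purpose-specific test for the "any" purpose, so a true result from `openssl_x509_checkpurpose()` with it reflects chain verification only and should not be taken as proof that a certificate is fit for TLS, S/MIME or CRL signing. I would add a description line to the docblock, for example `* Matches every certificate purpose; no key-usage or EKU restriction is applied.`, and regenerate the arginfo so the stub hash stays in step. The constant list continues outside the hunk.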
From ed241d46223dc48fb8a1cbda21693797c9a6b37b Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 14 Jan 2024 18:12:50 +0100
Subject: [PATCH 3/6] Add X509 purpose constant X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN are available from OpenSSL for many years: - X509_PURPOSE_OCSP_HELPER, since 2001 - X509_PURPOSE_TIMESTAMP_SIGN, since 2006
---
 ext/openssl/openssl.stub.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php
index b47bae1fc0cb9..a7e963aec4554 100644
--- a/ext/openssl/openssl.stub.php
+++ b/ext/openssl/openssl.stub.php
@@ -49,6 +49,16 @@
 * @cvalue X509_PURPOSE_ANY
 */
 const X509_PURPOSE_ANY = UNKNOWN;
+/**
+ * @var int
+ * @cvalue X509_PURPOSE_OCSP_HELPER
+ */
+const X509_PURPOSE_OCSP_HELPER = UNKNOWN;
+/**
+ * @var int
+ * @cvalue X509_PURPOSE_TIMESTAMP_SIGN
+ */
+const X509_PURPOSE_TIMESTAMP_SIGN = UNKNOWN;
 /* digest algorithm constants */
From ae8ba6ef231ebc2468aea8c2b8afb6f2672e6b07 Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 14 Jan 2024 18:13:19 +0100
Subject: [PATCH 4/6] XXX drop it, openssl_arginfo.h it should be generated from openssl.stub.php
---
 ext/openssl/openssl_arginfo.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h
index 6b7c207c308ad..4ab7f279b6e40 100644
--- a/ext/openssl/openssl_arginfo.h
+++ b/ext/openssl/openssl_arginfo.h
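Review bot: The docblocks added for X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN in the openssl.stub.php hunk give only the type and the C value, which leaves out a caveat that matters to callers. As far as I recall, OpenSSL's OCSP helper purpose only checks that issuing certificates are valid CAs and leaves the responder's own OCSP-signing extension to OCSP_verify(), so a true result for it should not be read as "this certificate may sign OCSP responses". I would add `* CA check only; does not confirm the OCSPSigning extended key usage of a leaf certificate.` to the first docblock, and to the second a line saying that it expects the timeStamping extended key usage. Both constants are also added without a version guard, relying on the commit message's dates of 2001 and 2006; that is worth confirming against any non-OpenSSL library the extension may be built with.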
@@ -550,6 +550,8 @@ static void register_openssl_symbols(int module_number)
 REGISTER_LONG_CONSTANT("X509_PURPOSE_SMIME_ENCRYPT", X509_PURPOSE_SMIME_ENCRYPT, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_CRL_SIGN", X509_PURPOSE_CRL_SIGN, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("X509_PURPOSE_ANY", X509_PURPOSE_ANY, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("X509_PURPOSE_OCSP_HELPER", X509_PURPOSE_OCSP_HELPER, CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("X509_PURPOSE_TIMESTAMP_SIGN", X509_PURPOSE_TIMESTAMP_SIGN, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_SHA1", OPENSSL_ALGO_SHA1, CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("OPENSSL_ALGO_MD5", OPENSSL_ALGO_MD5, CONST_PERSISTENT);
 #if !defined(OPENSSL_NO_MD4)
From 8d1261476ca81b18ee6733b52ca0b971889c8dca Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Sun, 14 Jan 2024 18:17:47 +0100
Subject: [PATCH 5/6] test next X509_PURPOSE_ Thanks to the previous commit, we get new constants, let's check and enforce them: X509_PURPOSE_OCSP_HELPER, X509_PURPOSE_TIMESTAMP_SIGN
---
 .../tests/openssl_x509_checkpurpose_basic.phpt | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
index d09317b1d22f7..f0560bd186cdc 100644
--- a/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
+++ b/ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt
@@ -42,6 +42,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN));
 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() ] ); */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca)));
@@ -65,6 +67,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca))
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca)));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca)));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca)));
 /* int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo = array() [, string $untrustedfile ]] ); function */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT, array($cpca), $utfl));
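Review bot: The new calls run only against `$sert`, in all three call forms (this hunk, the one at -65,6 and the one at -88,6), and none of the visible hunks adds matching expected-output lines. The diffstat counts 12 insertions, so those expectations may simply be missing from this page. The expected output should pin a distinct result per purpose: if the fixture lacks the timeStamping extended key usage, `X509_PURPOSE_TIMESTAMP_SIGN` would presumably yield `bool(false)`, and a test that only ever sees one outcome would not catch a binding that maps the constant to the wrong value. I would add the same two calls for `$cert`, e.g. `var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_TIMESTAMP_SIGN));`, and ideally one fixture for which the timestamp purpose succeeds. The test file continues outside these hunks.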
@@ -88,6 +92,8 @@ var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_SIGN, array($cpca),
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_CRL_SIGN, array($cpca), $utfl));
 var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_ANY, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_OCSP_HELPER, array($cpca), $utfl));
+var_dump(openssl_x509_checkpurpose($sert, X509_PURPOSE_TIMESTAMP_SIGN, array($cpca), $utfl));
 ?>
 --CLEAN--
Date: Sun, 14 Jan 2024 18:58:28 +0100
Subject: [PATCH 6/6] generate openssl_arginfo.h from the sub using: ./configure --prefix=/home/vjardin/bin --enable-debug --with-openssl --enable-tokenizer --disable-all --disable-cgi sapi/cli/php build/gen_stub.php -f ext/openssl/openssl.stub.php
---
 ext/openssl/openssl_arginfo.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h
index 4ab7f279b6e40..9f4e69da98c68 100644
--- a/ext/openssl/openssl_arginfo.h
+++ b/ext/openssl/openssl_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 1bb1eab5199d2e72e624f7e93f59dd5114ed7c86 */
+ * Stub hash: 295c11739a3588a8254db2fe904be6f9911f85b3 */
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0)
 ZEND_ARG_OBJ_TYPE_MASK(0, certificate, OpenSSLCertificate, MAY_BE_STRING, NULL)